Commit 52b8dad8 authored by Bodo Möller's avatar Bodo Möller

Reorganize the data used for SSL ciphersuite pattern matching.

This change resolves a number of problems and obviates multiple kludges.
A new feature is that you can now say "AES256" or "AES128" (not just
"AES", which enables both).

In some cases the ciphersuite list generated from a given string is
affected by this change.  I hope this is just in those cases where the
previous behaviour did not make sense.
parent cc684e33
+34 −0
@@ -4,6 +4,28 @@

 Changes between 0.9.8e and 0.9.9  [xx XXX xxxx]

  *) Split the SSL/TLS algorithm mask (as used for ciphersuite string
     processing) into multiple integers instead of setting
     "SSL_MKEY_MASK" bits, "SSL_AUTH_MASK" bits, "SSL_ENC_MASK",
     "SSL_MAC_MASK", and "SSL_SSL_MASK" bits all in a single integer.
     (These masks as well as the individual bit definitions are hidden
     away into the non-exported interface ssl/ssl_locl.h, so this
     change to the definition of the SSL_CIPHER structure shouldn't
     affect applications.)  This give us more bits for each of these
     categories, so there is no longer a need to coagulate AES128 and
     AES256 into a single algorithm bit, and to coagulate Camellia128
     and Camellia256 into a single algorithm bit, which has led to all
     kinds of kludges.

     Thus, among other things, the kludge introduced in 0.9.7m and
     0.9.8e for masking out AES256 independently of AES128 or masking
     out Camellia256 independently of AES256 is not needed here in 0.9.9.

     With the change, we also introduce new ciphersuite aliases that
     so far were missing: "AES128", "AES256", "CAMELLIA128", and
     "CAMELLIA256".
     [Bodo Moeller]

  *) Add support for dsa-with-SHA224 and dsa-with-SHA256.
     Use the leftmost N bytes of the signature input if the input is
     larger than the prime q (with N being the size in bytes of q).
@@ -430,6 +452,13 @@

 Changes between 0.9.8d and 0.9.8e  [XX xxx XXXX]

  *) Since AES128 and AES256 (and similarly Camellia128 and
     Camellia256) share a single mask bit in the logic of
     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
     kludge to work properly if AES128 is available and AES256 isn't
     (or if Camellia128 is available and Camellia256 isn't).
     [Victor Duchovni]

  *) Fix the BIT STRING encoding generated by crypto/ec/ec_asn1.c
     (within i2d_ECPrivateKey, i2d_ECPKParameters, i2d_ECParameters):
     When a point or a seed is encoded in a BIT STRING, we need to
@@ -1459,6 +1488,11 @@

 Changes between 0.9.7l and 0.9.7m  [xx XXX xxxx]

  *) Since AES128 and AES256 share a single mask bit in the logic of
     ssl/ssl_ciph.c, the code for masking out disabled ciphers needs a
     kludge to work properly if AES128 is available and AES256 isn't.
     [Victor Duchovni]

  *) Have SSL/TLS server implementation tolerate "mismatched" record
     protocol version while receiving ClientHello even if the
     ClientHello is fragmented.  (The server can't insist on the
+1 −1
@@ -12,7 +12,7 @@
  ---------------

/* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1998-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
+1 −1

 OpenSSL 0.9.9-dev XX xxx XXXX

 Copyright (c) 1998-2005 The OpenSSL Project
 Copyright (c) 1998-2007 The OpenSSL Project
 Copyright (c) 1995-1998 Eric A. Young, Tim J. Hudson
 All rights reserved.

+1 −1
@@ -83,7 +83,7 @@
 * should only keep the versions that are binary compatible with the current.
 */
#define SHLIB_VERSION_HISTORY ""
#define SHLIB_VERSION_NUMBER "0.9.8"
#define SHLIB_VERSION_NUMBER "0.9.9"


#endif /* HEADER_OPENSSLV_H */
+9 −10
@@ -4,7 +4,7 @@
 * (nagendra@cs.stanford.edu) for the OpenSSL project 2005.  
 */
/* ====================================================================
 * Copyright (c) 1999-2005 The OpenSSL Project.  All rights reserved.
 * Copyright (c) 1999-2007 The OpenSSL Project.  All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -274,7 +274,7 @@ int dtls1_connect(SSL *s)
		case SSL3_ST_CR_CERT_A:
		case SSL3_ST_CR_CERT_B:
			/* Check if it is anon DH */
			if (!(s->s3->tmp.new_cipher->algorithms & SSL_aNULL))
			if (!(s->s3->tmp.new_cipher->algorithm_auth & SSL_aNULL))
				{
				ret=ssl3_get_server_certificate(s);
				if (ret <= 0) goto end;
@@ -335,7 +335,6 @@ int dtls1_connect(SSL *s)
		case SSL3_ST_CW_KEY_EXCH_B:
			ret=dtls1_send_client_key_exchange(s);
			if (ret <= 0) goto end;
			l=s->s3->tmp.new_cipher->algorithms;
			/* EAY EAY EAY need to check for DH fix cert
			 * sent back */
			/* For TLS, cert_req is set to 2, so a cert chain
@@ -684,7 +683,7 @@ int dtls1_send_client_key_exchange(SSL *s)
	{
	unsigned char *p,*d;
	int n;
	unsigned long l;
	unsigned long alg_k;
#ifndef OPENSSL_NO_RSA
	unsigned char *q;
	EVP_PKEY *pkey=NULL;
@@ -698,12 +697,12 @@ int dtls1_send_client_key_exchange(SSL *s)
		d=(unsigned char *)s->init_buf->data;
		p= &(d[DTLS1_HM_HEADER_LENGTH]);
		
		l=s->s3->tmp.new_cipher->algorithms;
		alg_k=s->s3->tmp.new_cipher->algorithm_mkey;

                /* Fool emacs indentation */
                if (0) {}
#ifndef OPENSSL_NO_RSA
		else if (l & SSL_kRSA)
		else if (alg_k & SSL_kRSA)
			{
			RSA *rsa;
			unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH];
@@ -762,7 +761,7 @@ int dtls1_send_client_key_exchange(SSL *s)
			}
#endif
#ifndef OPENSSL_NO_KRB5
		else if (l & SSL_kKRB5)
		else if (alg_k & SSL_kKRB5)
                        {
                        krb5_error_code	krb5rc;
                        KSSL_CTX	*kssl_ctx = s->kssl_ctx;
@@ -781,7 +780,7 @@ int dtls1_send_client_key_exchange(SSL *s)

#ifdef KSSL_DEBUG
                        printf("ssl3_send_client_key_exchange(%lx & %lx)\n",
                                l, SSL_kKRB5);
                                alg_k, SSL_kKRB5);
#endif	/* KSSL_DEBUG */

			authp = NULL;
@@ -894,7 +893,7 @@ int dtls1_send_client_key_exchange(SSL *s)
                        }
#endif
#ifndef OPENSSL_NO_DH
		else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
		else if (alg_k & (SSL_kEDH|SSL_kDHr|SSL_kDHd))
			{
			DH *dh_srvr,*dh_clnt;
